Allow multiple auth-server-urls

[sebaspf]

Description

When using CNAMEs to point to the Keyclaok server, the JWT created has in the iss field the CNAME. As the KC Server can be react over both addresses, the auth-server-url field of the Config must take this into account. In the code line https://github.com/keycloak/keycloak-nodejs-connect/blob/dd1c20f0c1e6366e98434128eafea2e78ab545fd/middleware/auth-utils/grant-manager.js#L427 the request will be rejected if they come form the CNAME URL of the URL the CNAME Points to.

Proposal Type for backwards compatibility:

type auth_server_url_type: string | string[]

Usgage:

let iss = new URL(token.content.iss)
if ((typeof this.config.realmUrl) === "string") {
  // Use like until now
} else if (Array.isArray(this.config.realmUrl) {
  if (this.config.realmUrl.includes(iss.host) && (iss.pathname === ''/realms/' + this.config.realm) // Accept/Reject
} else {
  // Error (the Config class constructor should check this)
}

Discussion

No response

Motivation

No response

Details

No response

[sbabych]

Hi, pls take a look at https://github.com/keycloak/keycloak-nodejs-connect/issues/308 imo this is a correct approach for the multiple auth-server-urls. Unfortunately it is already open for 2years at least